package www.cskaoyan.com.dao;

import www.cskaoyan.com.dao.JDBCUtils.ConnectionPool;

import java.sql.*;

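/**
 * Data-access object for login lookups against the {@code user} table.
 *
 * <p>Both lookups bind their arguments as JDBC parameters, so caller-supplied
 * account names and passwords are never spliced into the SQL text.
 */
public class LoginDao {

    /**
     * Retained so existing same-package references still compile. The lookup
     * methods below keep their connection in a local variable instead: a shared
     * field would be overwritten by a concurrent call on the same instance,
     * and the wrong connection could then be handed back to the pool.
     */
    Connection connection;

    /**
     * Looks up the id that belongs to an account name. If several rows match,
     * the id of the first row returned by the database is used.
     *
     * @param userAccount account name to look up
     * @return the matching id, or {@code null} when no row matches
     * @throws SQLException if the query fails
     */
    public Integer getIdByAccount(String userAccount) throws SQLException {
        // Bound as a parameter: the account name typically comes straight from a
        // login form, and concatenating it into the statement allowed SQL injection.
        return queryFirstId("select id from user where userAccount = ?", userAccount);
    }

    /**
     * Looks up the id of the row whose account name and password column both
     * equal the supplied values.
     *
     * @param userAccount  account name to look up
     * @param userPassWord value compared against the {@code userPassWord} column
     * @return the matching id, or {@code null} when no row matches
     * @throws SQLException if the query fails
     */
    public Integer getIdByAccountAndPassword(String userAccount, String userPassWord) throws SQLException {
        // NOTE(review): the value is compared directly with the stored column. If that
        // column holds plaintext passwords, store a salted password hash
        // (bcrypt/scrypt/argon2) and verify it in application code instead.
        // Confirm what callers pass in here.
        return queryFirstId(
                "select id from user where userAccount = ? and userPassWord = ?",
                userAccount,
                userPassWord);
    }

    /**
     * Runs a parameterized query and returns the {@code id} column of its first row.
     *
     * @param sql    statement text with one {@code ?} placeholder per entry in {@code params}
     * @param params values bound, in order, as string parameters
     * @return the id of the first row, or {@code null} when the result is empty
     * @throws SQLException if preparing or executing the statement fails
     */
    private Integer queryFirstId(String sql, String... params) throws SQLException {
        Connection pooled = ConnectionPool.getConnection();
        try (PreparedStatement query = pooled.prepareStatement(sql)) {
            for (int i = 0; i < params.length; i++) {
                query.setString(i + 1, params[i]);
            }
            try (ResultSet rows = query.executeQuery()) {
                if (rows.next()) {
                    return rows.getInt("id");
                }
                return null;
            }
        } finally {
            // Hand the connection back on every path. Previously it was returned only
            // when a row matched, so each failed lookup (or thrown SQLException)
            // leaked a pooled connection, letting repeated bad logins drain the pool.
            ConnectionPool.returnConnection(pooled);
        }
    }
}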
